NETRESEC Network Security Blog
Network Security Monitoring and Network Forensics

CapLoader 1.9.6 Released
Erik Hjelmvik | 104.21.7.13:80, 104.223.118.109:443, 104.248.81.48:443, 151.236.9.107:443, 159.89.124.188:443, a85be79f7b569f1df5e6087b69deb493, aptekoagraliy, BackConnect XOR, CapLoader, GzipLoader, IcedID, JA3, JA4, joekairbos, lazirusairnaf, Loda, regex, Remcos, seedkraproboy, t13i010400_0f2cb44170f4_1b583af8cc09, t13i010400_0f2cb44170f4_5c4c70b73fa0, ThreatFox, win.loda
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The ...

Forensic Timeline of an IcedID Infection
Erik Hjelmvik | BackConnect, Cobalt Strike, CobaltStrike, ec74a5c51106f0419184d0dd08fb05bc, GzipLoader, IcedID, JA3S, Keyhole, Keylog, NetworkMiner, VNC, Windows Sandbox
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer ...

NetworkMiner 2.8.1 Released
Erik Hjelmvik | 165.232.175.216, BackConnect, IcedID, NetworkMiner, njrat, RFB, RFC5626, RFC6143, VNC
I am happy to announce the release of NetworkMiner 2.8.1 today! This new release brings a VNC parser to NetworkMiner, so that screenshots, keystrokes and clipboard data can be extracted from unencrypted ...

EvilExtractor Network Forensics
Erik Hjelmvik | 1-Password-Cookies, 193.42.33.232, 2-Credentials, 3-Files, 89.116.53.55, ANY.RUN, EvilExtractor, FTP, KK2023.zip, NetworkMiner, sandbox, tria.ge, Triage
I analyzed a PCAP file from a sandbox execution of the Evil Extractor stealer malware earlier today. This stealer collects credentials and files of interest from the victim's computer and exfiltrates them ...

TLS Redirection and Dynamic Decryption Bypass in PolarProxy
Erik Hjelmvik | ascii-art, bypass, bypassonfail, Domain Fronting, Fail Open, PolarProxy, redirect, SNI, TLS
PolarProxy is constantly being updated with new features, enhanced performance and bug fixes, but these updates are not always communicated other than as a short mention in the ChangeLog. I would therefore ...

How to Identify IcedID Network Traffic
Erik Hjelmvik | a0e9f5d64349fb13191bc781f81f42e1, b523e3d33e7795de49268ce7744d7414aa37d1db, beacon, CapLoader, ec74a5c51106f0419184d0dd08fb05bc, GzipLoader, IcedID, Periodic connections, periodicity, video
Brad Duncan published IcedID (Bokbot) from fake Microsoft Teams page earlier this week. In this video I take a closer look at the PCAP file in that blog post. The video cannot ...

CapLoader 1.9.5 Alerts on Malicious Traffic
Erik Hjelmvik | Alerts, CapLoader, Kovter, njrat, Port-protocol mismatch, Threat Hunting, video, VLAN
CapLoader 1.9.5 was released today! The most important addition in the 1.9.5 release is the new Alerts tab, in which CapLoader warns about malicious network traffic such as command-and-control protocols. The alerts ...

Online Network Forensics Class
I will be teaching two live online network forensics classes this spring, one in March and one in April. The March class is adapted to American time and the April one is ...

NetworkMiner 2.8 Released
I am happy to announce the release of NetworkMiner 2.8 today! This new version comes with an improved user interface, better parsing of IEC-104 traffic and decapsulation of CAPWAP traffic. The professional ...

What is PCAP over IP?
Erik Hjelmvik | Arkime, ncat, netcat, NetworkMiner, Packetbeat, pcap, PCAP-over-IP, PolarProxy, Suricata, tcpdump, tcpreplay, tshark, Wireshark, Zeek
PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...